Hi,

I actually read your thread. By what I understood you're at the moment trying to change a few defaults.

That was the reason I wanted to add SHA1 for removal. I just thought it deserved a separate thread.

I do understand that you're trying to be careful with removing or changing defaults. From my point of view everybody that is (maybe implicitly) using SHA1 right now is better off getting this wake-up call, the earlier the better.

We aren't even removing SHA1, we're just not offering it as default. And for those Windows boxes who require it, those people just have to add a line to explicitly enable it. I would not see that as such a big problem.


"Also: the mentioned sha1 transform is also a HMAC construction and technically
safe to use (for now), same as the PRF."

I don't get how this could be? SHA-1 for signage and hash generation is colliding. How can it be that this doesn't apply to iked?


g,

Stephan


On 02/05/2020 00:03, Tobias Heider wrote:
On Fri, May 01, 2020 at 11:35:23PM +0200, Stephan Mending wrote:
Hi *,

this diff removes SHA1 as default transform for integrity algorithms.

It's been broken long enough. Let's at least get rid of it in iked's
defaults.

SHA1 is officially broken since 2011 and there have been doubts about it
since 2005.

Though using SHA1 in combination with HMAC as pseudorandom function is
perfectly fine as of today.


OK?
Thank you for the diff.

It's not as if we haven't thought about removing this transform, but before
doing so we need to do some testing to ensure we don't break existing setups.
See this mail from yesterday:
https://marc.info/?l=openbsd-tech&m=158828278120230&w=2

Also: the mentioned sha1 transform is also a HMAC construction and technically
safe to use (for now), same as the PRF.


Index: parse.y
===================================================================
RCS file: /cvs/src/sbin/iked/parse.y,v
retrieving revision 1.99
diff -u -p -r1.99 parse.y
--- parse.y     30 Apr 2020 21:11:13 -0000      1.99
+++ parse.y     1 May 2020 21:19:41 -0000
@@ -144,7 +144,6 @@ struct iked_transform ikev2_default_ike_
         { IKEV2_XFORMTYPE_PRF,  IKEV2_XFORMPRF_HMAC_SHA2_256 },
         { IKEV2_XFORMTYPE_PRF,  IKEV2_XFORMPRF_HMAC_SHA1 },
         { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA2_256_128 },
-       { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA1_96 },
         { IKEV2_XFORMTYPE_DH,   IKEV2_XFORMDH_CURVE25519 },
         { IKEV2_XFORMTYPE_DH,   IKEV2_XFORMDH_ECP_521 },
         { IKEV2_XFORMTYPE_DH,   IKEV2_XFORMDH_ECP_384 },
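Review bot: In the ikev2_default_ike_ hunk the HMAC_SHA1_96 integrity entry is dropped while { IKEV2_XFORMTYPE_PRF, IKEV2_XFORMPRF_HMAC_SHA1 } two lines above it stays, so the IKE SA defaults still offer SHA1 as PRF but no longer for integrity. The commit message mentions this only in passing; a short comment next to the PRF entry saying why it is kept would stop the next reader from treating it as an oversight. The diff touches only parse.y, so any documentation that lists the default transforms needs the matching change in the same commit.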
@@ -164,7 +163,6 @@ struct iked_transform ikev2_default_esp_
         { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 192 },
         { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 128 },
         { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA2_256_128 },
-       { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA1_96 },
         { IKEV2_XFORMTYPE_ESN,  IKEV2_XFORMESN_ESN },
         { IKEV2_XFORMTYPE_ESN,  IKEV2_XFORMESN_NONE },
         { 0 }
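Review bot: In the ikev2_default_esp_ hunk, HMAC_SHA2_256_128 is the only INTEGR entry left in the visible context once HMAC_SHA1_96 is removed, so a peer that proposes only HMAC-SHA1-96 for ESP will no longer match the default proposal. That is a behaviour change for setups that rely on the defaults; the commit message should call it out together with the explicit setting that restores the old behaviour, and the change should be tested against the peers mentioned in the thread before it goes in.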


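Added example, not part of the original thread and not iked code: the two integrity transforms named in the diff are truncated HMACs, and the sketch below builds HMAC by hand (RFC 2104) to show that the secret key is mixed into both hash passes, so a tag cannot be computed or checked without it. The function names are hypothetical; the key and message are the public RFC 2202 test case 1 values.

```python
import hashlib
import hmac

# Transform name from the diff -> (hash, tag length in bytes after truncation)
TRANSFORMS = {
    "HMAC_SHA1_96": ("sha1", 12),        # first 96 bits of HMAC-SHA1
    "HMAC_SHA2_256_128": ("sha256", 16), # first 128 bits of HMAC-SHA-256
}


def hmac_manual(key: bytes, msg: bytes, hash_name: str) -> bytes:
    """HMAC as defined in RFC 2104: H((K ^ opad) || H((K ^ ipad) || msg))."""
    block = hashlib.new(hash_name).block_size  # 64 bytes for SHA-1 and SHA-256
    if len(key) > block:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    # The key prefixes the inner hash and the outer hash, so the hash input
    # is never fully under the control of someone who lacks the key.
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def integrity_tag(transform: str, key: bytes, msg: bytes) -> bytes:
    """Truncated HMAC tag for one of the transforms above."""
    hash_name, tag_len = TRANSFORMS[transform]
    return hmac_manual(key, msg, hash_name)[:tag_len]


def verify(transform: str, key: bytes, msg: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(integrity_tag(transform, key, msg), tag)


if __name__ == "__main__":
    key = b"\x0b" * 20   # RFC 2202 test case 1 key (public test value)
    msg = b"Hi There"    # RFC 2202 test case 1 data
    for name in TRANSFORMS:
        tag = integrity_tag(name, key, msg)
        print(name, tag.hex(), "verifies:", verify(name, key, msg, tag))
    # The same message under a different key fails verification.
    sha1_tag = integrity_tag("HMAC_SHA1_96", key, msg)
    print("wrong key:", verify("HMAC_SHA1_96", b"\x0c" * 20, msg, sha1_tag))
```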